Flappy Bird quickly became one of the most popular and addictive games users have encountered recently on the mobile platform. Many found the simple task of guiding a pixelated bird through Super Mario-style pipes irresistible, which some are saying is the reason the game’s creator removed it from app stores. However, cybercriminals are cashing in on Flappy Bird’s fame by letting malicious, impostor versions loose on third-party application marketplaces.
After being pulled by its creator on Feb. 10, true editions of Flappy Bird now only exist on the hardware of those who downloaded it before then, noted the International Business Times. However, the unlucky users looking to play are being exploited on what IBT contributor Ryan Neal calls the “Flappy Bird black market.”
Range of malicious capabilities
CNET stated that security researchers discovered several fake programs that appear eerily similar to Flappy Bird. These malicious editions are becoming harder to spot, leveraging many of the same styles and even the same bird icon as the original. However, these games have been putting endpoint security of a significant number of users at risk. In some cases, the fakes infect mobile devices with malware, and other users have reported being prompted by the app to send text messages to an unrecognized number provided by the fraudulent flappy fowl. These texts are sent to premium rate numbers, which result in considerable charges on the user’s mobile phone bill.
Additionally, cyberthieves are also selling bogus iOS and Android version for as much as $100,000 on eBay and other underground marketplaces, IBT stated. The fake Flappy Bird not only asks for users’ permission to access the network, but also request access to text messages, Web bookmarks and history, and to serve advertisements.
The Register also reported that some feathery imitations attempt to exploit users with survey scams aimed at gaining sensitive personal information that can be utilized in other fraudulent activities. Such scams present themselves as customer surveys and encourage participation by offering prizes or other incentives. However, individuals never receive the promised goods no matter how much information they divulge.
Security experts noted that the counterfeit Flappy copies are becoming especially rampant in Russian and Vietnamese application stores as more users attempt to play the addictive game. IBT also stated that even when individuals exit and quit the impostor app, it continues to run on the operating system’s background, further threatening endpoint data protection.
Although Flappy Bird is one of the hottest games right now, keeping many users’ faces glued to their screens, the endpoint security risks are real. For this reason, individuals should not attempt to download versions of it if they did not do so before it was pulled. Security experts also advised only utilizing trusted app platforms when downloading programs to mobile devices.